network-link-*.service: Set stopIfChanged = false

This reduces the time window during which IP addresses are gone during switch-to-configuration. A complication is that with stopIfChanged = true, preStop would try to delete the *new* IP addresses rather than the old one (since the preStop script now runs after the switch to the new configuration). So we now record the actually configured addresses in /run/nixos/network/addresses/<interface>. This is more robust in any case. Issue https://github.com/NixOS/nixops/issues/640.
2017-04-04 14:18:49 +02:00 · 2017-04-04 14:18:49 +02:00 · 01dbf03628
commit 01dbf03628
parent 3a9c217804
2 changed files with 20 additions and 13 deletions
--- a/nixos/modules/security/polkit.nix
+++ b/nixos/modules/security/polkit.nix
@ -64,7 +64,7 @@ in
    systemd.packages = [ pkgs.polkit.out ];

    systemd.services.polkit.restartTriggers = [ config.system.path ];
-    systemd.services.polkit.unitConfig.X-StopIfChanged = false;
+    systemd.services.polkit.stopIfChanged = false;

    # The polkit daemon reads action/rule files
    environment.pathsToLink = [ "/share/polkit-1" ];
--- a/nixos/modules/tasks/network-interfaces-scripted.nix
+++ b/nixos/modules/tasks/network-interfaces-scripted.nix
@ -159,35 +159,42 @@ let
            after = [ "network-pre.target" ] ++ (deviceDependency i.name);
            serviceConfig.Type = "oneshot";
            serviceConfig.RemainAfterExit = true;
+            # Restart rather than stop+start this unit to prevent the
+            # network from dying during switch-to-configuration.
+            stopIfChanged = false;
            path = [ pkgs.iproute ];
            script =
              ''
+                # FIXME: shouldn't this be done in network-link?
                echo "bringing up interface..."
                ip link set "${i.name}" up

-                restart_network_interfaces=false
+                state="/run/nixos/network/addresses/${i.name}"
+
+                mkdir -p $(dirname "$state")
+
              '' + flip concatMapStrings (ips) (ip:
                let
                  address = "${ip.address}/${toString ip.prefixLength}";
                in
                ''
-                  echo "checking ip ${address}..."
+                  echo "${address}" >> $state
                  if out=$(ip addr add "${address}" dev "${i.name}" 2>&1); then
-                    echo "added ip ${address}..."
+                    echo "added ip ${address}"
                  elif ! echo "$out" | grep "File exists" >/dev/null 2>&1; then
                    echo "failed to add ${address}"
                    exit 1
                  fi
                '');
-            preStop = flip concatMapStrings (ips) (ip:
-                let
-                  address = "${ip.address}/${toString ip.prefixLength}";
-                in
-                ''
-                  echo -n "deleting ${address}..."
-                  ip addr del "${address}" dev "${i.name}" >/dev/null 2>&1 || echo -n " Failed"
-                  echo ""
-                '');
+            preStop = ''
+              state="/run/nixos/network/addresses/${i.name}"
+              while read address; do
+                echo -n "deleting $address..."
+                ip addr del "$address" dev "${i.name}" >/dev/null 2>&1 || echo -n " Failed"
+                echo ""
+              done < "$state"
+              rm -f "$state"
+            '';
          };

        createTunDevice = i: nameValuePair "${i.name}-netdev"